Security News

What Is the DoD’s UC APL:

The Department of Defense created the UC APL (Unified Capabilities Approved Products List) in 2011 to identify solutions that were trusted to address government security concerns.

The UC APL represents the agency’s master list of products available for purchase that are secure, trusted and approved for deployment within the DoD’s technology infrastructure. Only those products listed will be considered for procurement by DoD contracting departments.

If you intend to do business with the U.S. DoD and your product is implemented in the technology infrastructure, you must complete the listing process for the UC APL.

Timeframe and Process:

A typical listing will take roughly 11 to 13 months and will last for three years. This includes the cumbersome testing phase that must occur on a U.S. military base. In addition to testing, a Sponsor must be identified to vouch for your product. With Corsec’s regularly scheduled maintenance, your team will avoid de-listing and other common pitfalls to re-certification.

UC APL Prerequisites:

Prior to beginning your listing, your product must have completed the requirements for FIPS 140-2 as well as Common Criteria. These requirements include documentation and testing in areas such as cryptography, entropy, information assurance, interoperability, and more.

In some cases these certifications and validations can be done simultaneously, leveraging lessons learned, best practises, and testing from one another. Every product is different, but with our turnkey solution, your product can achieve listing in a streamlined approach, completing all the necessary requirements for FIPS, Common Criteria, and JITC testing.